This may be the biggest ransomware attack ever. Since mid-April, Costa Rica has been subjected to a major cyberattack. A total of 27 public institutions in the country have been targeted. Nine were “very affected”, in the words of President Rodrigo Chaves. Among which the Ministry of Finance, responsible for collecting taxes, customs duties or paying the salaries of civil servants. And just last week, the Ministry of National Education had to disconnect all its servers in the face of a new attack. Worse still, the digital public health system has also been taken out of the system. Enough to fear delays in medical care, or certain surgical operations.
Several million dollars stolen
“The damage from this attack is estimated at several hundred million dollars,” said Esteban Jimenez, cybersecurity expert in San José, to our colleagues at Figaro. Normally, imports and exports are managed online. The customs service can receive up to 20,000 requests per hour. But after the attack, “all import or export requests had to be studied by hand”, explains the cybersecurity expert again. According to the first estimates of the Chamber of Foreign Commerce of Costa Rica, the national economy loses 30 million dollars a day because of this piracy.
The cyberattack would have been launched around April 12, during the interim between the second round of the presidential election and the entry into office of the newly elected, Rodrigo Chaves. It was not made public until the beginning of May by the government of former President Carlos Alvarado, a few days before the end of his mandate. Until then, the authorities had used technical incidents as a pretext to justify the difficulties in accessing several official sites. The first ransom demand amounted to 10 million dollars (9.3 million euros), to be paid under penalty of publication of stolen documents. Costa Rica had refused, which caused an amplification of the attacks.
To deal with this massive attack, the newly elected president, Rodrigo Chavez, has announced the launch of a national cybersecurity plan. Added to this is financial and material support from the United States, Spain and even Israel. “We are at war, I am not exaggerating,” insisted the Costa Rican president during a press conference last May. The national state of emergency has remained in effect ever since.
A group of originally Russian hackers
A first series of attacks was claimed by the group of cybercriminals Conti, operating in particular from Saint Petersburg, in Russia, and reputed to be close to the Kremlin. The group claims 20 million dollars, without which it is able to release several million pieces of information stolen from the country’s administrations. The hackers even went so far as to issue an online appeal to Costa Ricans to “take to the streets and demand that their government pay the ransom”.
In France, a recent survey conducted by the Cnil and the Central Office for the Fight against Crime related to Information and Communication Technologies and the judicial police recently found that the group was among the most active. “The Conti hacker group is the most active in terms of victims. These cybercriminals work with the Ryuk malware, which is now well known to the relevant authorities. It is malicious software that has targeted many organizations in critical sectors, including the hospital emergency services”.
According to information from the American newspaper New York Timesthe criminal group would have amassed in two years nearly 150 million dollars, thanks to a thousand operations of “ransomware”, all over the world.